HackDig : Dig high-quality web security articles for hackers

OpenOffice coders debate retiring the project

Concerns at the Apache Software Foundation that the Apache OpenOffice project it hosts might be failing have prompted a debate about retiring the project, and triggered the resignation of at least one member of the project's management committee. The office productivity suite was once a key element of efforts to build an open source alternative to Micros
Publish At:2016-09-05 20:45 | Read:4600 | Comments:0 | Tags:Open Source Security Productivity Application Development

Surefire security fail: One. App. At. A. Time.

No one questions anymore that app security is critical, but leaving security to the app makers is asking for trouble. You need a centralized approach that makes sure all apps on your network are governed by the same rules. Think of it this way: If you concentrate your efforts on securing individual apps, your network will be as vulnerable as the w
Publish At:2016-07-27 11:40 | Read:4707 | Comments:0 | Tags:Security Mobile Apps Application Development

IDG Contributor Network: How hackers are making products safer

Jono Bacon, the former community manager of Ubuntu, recently left GitHub (his second job since leaving Canonical) to start his own consulting firm. He is currently working with HackerOne, which just announced its Hack the World competition. I spoke with Bacon about HackerOne, his role with the organization and the competition. Following is an edi
Publish At:2016-07-22 21:50 | Read:3605 | Comments:0 | Tags:Security Application Development Open Source

Flaws in Oracle file processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors, including Microsoft. The vulnerabilities were found by researchers from Cisco's Talos team and are located in the Oracle Outside In Technology (OIT), a collection of software development kits (SDKs) that can be used t
Publish At:2016-07-22 03:35 | Read:3697 | Comments:0 | Tags:Security Software Application Development

Attackers could steal millions through online phone verification systems

In the latest attack that shows how hard it is for users to identify phone numbers with premium call charges, a researcher has found that he could have earned millions by abusing the online phone verification systems used by Google, Microsoft, and Instagram. Many websites and mobile apps allow users to associate a phone number with their account.
Publish At:2016-07-19 02:20 | Read:4816 | Comments:0 | Tags:Security Application Development

The truth about bug finders: They're essentially useless

Today's popular bug finders catch only about two percent of the vulnerabilities lurking in software code, researchers have found, despite the millions of dollars companies spend on them each year. Bug finders are commonly used by software engineers to root out problems in code that could turn into vulnerabilities. They'll typically report back how
Publish At:2016-07-09 04:35 | Read:3369 | Comments:0 | Tags:Application Development Software Testing Security

Enterprise NPM users to get help with security, licensing

NPM Inc, which oversees the popular NPM registry of JavaScript modules, is enlisting outside help to provide guidance on security, code analysis, and licensing issues. Under an expansion of NPM Enterprise to be detailed today, NPM Inc. will partner with third parties to take care of auditing of modules via its NPM Enterprise add-ons service. The cu
Publish At:2016-07-05 09:20 | Read:3518 | Comments:0 | Tags:Application Development Development Tools Security Java Ente

Message in a PCI bottle - preserving message queue integrity

First, a confession. When David and I started writing this series, we envisioned it would be completed after the third part. It appears we were a bit short-sighted. An astute reader challenged us to help address the concepts of preserving queue message data integrity. With that, we welcome you to part 4. In parts 1, 2 and 3 of this series we wrote at leng
Publish At:2016-06-28 12:30 | Read:3839 | Comments:0 | Tags:Application Development Cloud Computing Security

Dangerous 7-Zip flaws put many other software products at risk

Two vulnerabilities recently patched in 7-Zip could put at risk of compromise many software products and devices that bundle the open-source file archiving library. The flaws, an out-of-bounds read vulnerability and a heap overflow, were discovered by researchers from Cisco's Talos security team. They were fixed in 7-Zip 16.00, released Tuesday. The 7-Zip
Publish At:2016-05-13 02:20 | Read:3510 | Comments:0 | Tags:Security Application Development Open Source Software

Developers leak Slack access tokens on GitHub, putting sensitive business data at risk

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams' internal chats and other data at risk. Slack has become one of the most popular collaboration and internal communication tools used by companies because of its versatility. The platform's API allows users to develop
Publish At:2016-04-28 15:35 | Read:3068 | Comments:0 | Tags:Security Application Development Data Breach

MIT's new bug finder uncovers flaws in Web apps in 64 seconds

Finding bugs in Web applications is an ongoing challenge, but a new tool from MIT exploits some of the idiosyncrasies in the Ruby on Rails programming framework to quickly uncover new ones. In tests on 50 popular Web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no more than 64 seconds to
Publish At:2016-04-16 11:35 | Read:3017 | Comments:0 | Tags:Application Development Testing Web Development Security

Chrome extensions will soon have to tell you what data they collect

Google is about to make it harder for Chrome extensions to collect your browsing data without letting you know about it, according to a new policy announced Friday. Starting in mid-July, developers releasing Chrome extensions will have to comply with a new User Data Policy that governs how they collect, transmit and store private information. Extensions w
Publish At:2016-04-16 11:35 | Read:3927 | Comments:0 | Tags:Security Application Development Browsers

Open source code is common, potentially dangerous, in enterprise apps

The shutdown of the Open Source Vulnerability Database this week posed yet another security challenge for developers who routinely inject massive amounts of free off-the-shelf code into new software. As the name suggests, OSVD was a resource where non-commercial developers could look, for free, for patches to known vulnerabilities.
Publish At:2016-04-12 06:00 | Read:4094 | Comments:0 | Tags:Security Open Source Application Development

Socat vulnerability shows that crypto backdoors can be hard to spot

Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. The error is so serious that members of the security community believe it could be an intentional backdoor. Socat is a more complex and feature-rich reimplementation of netcat, a cross-platform networking service that can
Publish At:2016-02-03 12:25 | Read:2876 | Comments:0 | Tags:Security Encryption Application Development Vulnerability

Oracle is planning to kill an attacker's favorite: The Java browser plug-in

Oracle will retire the Java browser plug-in, frequently the target of Web-based exploits, about a year from now. Remnants, however, will likely linger long after that. "Oracle plans to deprecate the Java browser plugin in JDK 9," the Java Platform Group said in a blog post Wednesday. "This technology will be removed from the Oracle JDK and JRE in a future
Publish At:2016-01-28 11:45 | Read:3950 | Comments:0 | Tags:Security Application Development Java
